Hello Lee, Friday, May 03, 2002, 4:21:04 PM, you wrote:
DL> I'm not on the dev team or anything, but I don't understand how you could have *ever* successfully encrypted multiple streams with the same EVP context??? Just the IV's alone would have been DL> screwed up for CBC ciphers and stream ciphers like RC4 would completely break. ECB won't - IV isn't needed there... I didn't say its a complete solution. Still it doesnt break nothing as far as I can tell. More changes has to come of course... Still what exactly this patch does is: I EVP_UpdateEncrypt is called EVP_EncryptFinal intermidiate data in the temporary buf in the context wont be considered a part of the new data stream. DL> Unless, of course, you decrypted in *exactly* the same sequence of streams as you encrypted, in which case, each individual stream would be incorrectly encrypted. DL> still, I don't see how this could have ever worked. DL> -lee DL> -----Original Message----- DL> From: Pavel Tsekov [mailto:[EMAIL PROTECTED]] DL> Sent: Friday, May 03, 2002 5:27 AM DL> To: [EMAIL PROTECTED] DL> Subject: Re: [PATCH] Re: Question on EVP encryption/decryption routines DL> Is there any chance that somone will comment on this topic anytime DL> soon ? PT>> Does the attached oneliner make sense ? IMO it doesnt break anything, PT>> but allows reusing the EVP_CIPHER_CTX in calls to EVP_EncryptUpdate, PT>> after EVP_EncryptFinal is called. PT>> Any comments greatly appreciated :) PT>> The diff is against the released 0.9.6c version of the OpenSSL PT>> library. PT>>> Currently EVP_Encrypt* interface doesnt support PT>>> encryption of multiple data streams with a single PT>>> symmetric key. Is there any chance patches to PT>>> allow this to be accepted in the official OpenSSL PT>>> codebase ? Currently I'm thinking to modify EVP_EncryptFinal PT>>> so it leaves the EVP_CIPHER_STATE in a consistent state PT>>> after finishing its work. PT>>> Any comments on this ? I am aware of the fact that encrypting PT>>> multiple data streams with a single key is not such a good idea PT>>> of a security point of view. DL> ______________________________________________________________________ DL> OpenSSL Project http://www.openssl.org DL> Development Mailing List [EMAIL PROTECTED] DL> Automated List Manager [EMAIL PROTECTED] DL> ______________________________________________________________________ DL> OpenSSL Project http://www.openssl.org DL> Development Mailing List [EMAIL PROTECTED] DL> Automated List Manager [EMAIL PROTECTED] -- Best regards, Pavel mailto:[EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
